From 6c9369ad85f2fb3dc61234b54db7e7079cdc0c4e Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Fri, 23 Apr 2021 18:43:12 -0600 Subject: Refactoring part 1 --- includes/model/Category.php | 103 +++++++++++++++++++++++++++++++++++++ includes/model/Post.php | 121 ++++++++++++++++++++++++++++++++++++++++++++ includes/model/Thread.php | 111 ++++++++++++++++++++++++++++++++++++++++ includes/model/User.php | 59 +++++++++++++++++++++ 4 files changed, 394 insertions(+) create mode 100644 includes/model/Category.php create mode 100644 includes/model/Post.php create mode 100644 includes/model/Thread.php create mode 100644 includes/model/User.php (limited to 'includes/model') diff --git a/includes/model/Category.php b/includes/model/Category.php new file mode 100644 index 0000000..b7c46d9 --- /dev/null +++ b/includes/model/Category.php 
@@ -0,0 +1,103 @@ +id = $id; + $this->name = $row['cat_name']; + $this->description = $row['cat_description']; + $this->thread_count = $row['cat_thread_count']; + $this->post_count = $row['cat_post_count']; + } + } + + mysqli_free_result($result); + return 1; + } + + function get_threads($dbc) { + $sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC"; + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Could not get threads from category: ' . mysqli_error($dbc); + } + + $threads = array(); + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $thread = new Thread(); + $thread->get_from_database($row['thread_id'], $dbc); + array_push($threads, $thread); + } + } + + mysqli_free_result($result); + return $threads; + } + + function get_latest_thread($dbc) { + $sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC LIMIT 1"; + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Could not get thread from category: ' . mysqli_error($dbc); + } + + $thread = null; + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $thread = new Thread(); + $thread->get_from_database($row['thread_id'], $dbc); + } + } + + mysqli_free_result($result); + return $thread; + } +} + +function get_all_categories($dbc) { + $sql = "SELECT cat_id FROM categories ORDER BY cat_id ASC;"; + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Failed to get categories: ' . mysqli_error($dbc); + } + + $categories = array(); + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $category = new Category(); + $category->get_from_database($row['cat_id'], $dbc); + array_push($categories, $category); + } + } + + mysqli_free_result($result); + return $categories; +} \ No newline at end of file 
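Review bot: `Category::get_threads()` and `get_latest_thread()` build their SQL by concatenating `$this->id`, and that value is whatever the caller handed to `get_from_database()` (`$this->id = $id;`), so the query is only as safe as every caller's input handling. The same concatenation is in `Thread::get_posts()` and `get_latest_post()`. `Post::get_from_database()` and `User::get_by_id()` do wrap the id in `mysqli_real_escape_string()`, but they place it unquoted, where escaping quote characters does not constrain a numeric expression, so the answer to the `TODO: Potential SQL injection risk?` in Post.php is yes. Bind the id as an integer with `mysqli_prepare()` and `mysqli_stmt_bind_param($stmt, "i", $id)`, or as a minimum store it as `$this->id = (int) $id;`. The start of this class is not readable in the hunk as shown, so the `get_from_database()` query itself could not be checked here.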
diff --git a/includes/model/Post.php b/includes/model/Post.php new file mode 100644 index 0000000..34d6a79 --- /dev/null +++ b/includes/model/Post.php @@ -0,0 +1,121 @@ +'; + } + + $reply = mysqli_fetch_assoc($result); + + if (empty($reply)) { + return '
This post has been deleted
'; + } + + return '
Quote from ' . $reply['user_name'] . '
' . $reply['post_content'] . '
'; + } +} + +class Post { + public $id; + public $content; + public $date_created; + public $date_edited; + public $thread; + public $author; + + function get_from_database($id, $dbc) { + // TODO: Potential SQL injection risk? + $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = " . mysqli_real_escape_string($dbc, $id); + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Failed to get post: ' . mysqli_error($dbc); + } + + if (mysqli_num_rows($result) == 0) { + return 0; + } else { + while ($row = mysqli_fetch_assoc($result)) { + $this->id = $id; + $this->content = $row['post_content']; + $this->date_created = $row['post_date_created']; + $this->date_edited = $row['post_date_edited']; + + $this->thread = new Thread(); + $this->thread->get_from_database($row['post_thread'], $dbc); + + $this->author = new User(); + $this->author->get_by_id($row['post_author'], $dbc); + } + } + + mysqli_free_result($result); + return 1; + } + + function display_content($dbc) { + echo '
#' . $this->id . ''; + echo ' Posted by ' . $this->author->name . ''; + echo ' on ' . date('m/d/Y g:ia', strtotime($this->date_created)); + if (!is_null($this->date_edited)) { + echo ' edited ' . date('m/d/Y g:ia', strtotime($this->date_edited)) . ''; + } + if (isset($_SESSION['signed_in']) && $_SESSION['user_id'] == $this->author->id) { + echo ''; + echo '[Edit/Delete] '; + echo''; + } + echo '
'; + + $post_content = $this->content; + $thread_id = $this->id; + + $post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) { + return add_quote($dbc, $thread_id, $matches); + }, $post_content); + + // Replace newline characters with HTML
tags + $post_content = nl2br($post_content); + + // Replace YouTube URLs with embedded YouTube videos. + $post_content = preg_replace( + "/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i", + '
', $post_content); + // Replace Image URLs with embedded images. + $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:|/?>))@i', 'http$2://$3', $post_content); + // Replace other URLs with links. + $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:|/?>))@i', '$0', $post_content); + + echo '' . $post_content . ''; + } +} + +function get_all_posts($dbc) { + $sql = "SELECT post_id FROM posts"; + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Failed to get posts: ' . mysqli_error($dbc); + } + + $posts = array(); + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $post = new Post(); + $post->get_from_database($row['post_id'], $dbc); + array_push($posts, $post); + } + } + + mysqli_free_result($result); + return $posts; +} diff --git a/includes/model/Thread.php b/includes/model/Thread.php new file mode 100644 index 0000000..a9dc690 --- /dev/null +++ b/includes/model/Thread.php 
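Review bot: `display_content()` and `add_quote()` write database text into the page with no output encoding visible in this hunk: `$this->author->name`, `$this->content`, `$reply['user_name']` and `$reply['post_content']` are concatenated straight into the echoed or returned HTML. Unless these values are encoded before they are stored (not shown here), markup in a post body or user name is rendered as markup for every reader. Encode before the quote and URL rewriting, `$post_content = htmlspecialchars($this->content, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, and do the same for both user names. The quote pattern `/>#\d+/` would then have to match `&gt;#` instead of `>#`, and the quoted `post_content` needs the same encoding inside `add_quote()`.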
@@ -0,0 +1,111 @@ +id = $id; + $this->subject = $row['thread_subject']; + $this->date_created = $row['thread_date_created']; + $this->date_lastpost = $row['thread_date_lastpost']; + + $this->category = new Category(); + $this->category->get_from_database($row['thread_category'], $dbc); + + $this->author = new User(); + $this->author->get_by_id($row['thread_author'], $dbc); + } + } + + mysqli_free_result($result); + return 1; + } + + function get_posts($dbc) { + $sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id; + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Could not get posts from thread: ' . mysqli_error($dbc); + } + + $posts = array(); + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $post = new Post(); + $post->get_from_database($row['post_id'], $dbc); + array_push($posts, $post); + } + } + + mysqli_free_result($result); + return $posts; + } + + function get_latest_post($dbc) { + $sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id . " ORDER BY post_date_created DESC LIMIT 1"; + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Could not get post from category: ' . mysqli_error($dbc); + } + + $post = null; + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $post = new Post(); + $post->get_from_database($row['post_id'], $dbc); + } + } + + mysqli_free_result($result); + return $post; + } +} + +function get_all_threads($dbc) { + $sql = "SELECT thread_id FROM threads"; + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Failed to get threads: ' . mysqli_error($dbc); + } + + $threads = array(); + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $thread = new Thread(); + $thread->get_from_database($row['thread_id'], $dbc); + array_push($threads, $thread); + } + } + + mysqli_free_result($result); + return $threads; +} 
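Review bot: On a failed query, `get_posts()`, `get_latest_post()` and `get_all_threads()` echo `mysqli_error($dbc)` into the page and then carry on to `mysqli_num_rows($result)` with `$result` set to `false`. The raw driver message can expose table and column names to any visitor, and the follow-on call raises a warning or, on PHP 8, a TypeError. Log the detail server-side and return early, e.g. `if (!$result) { error_log(mysqli_error($dbc)); return $posts; }`, with `$posts` initialised before the check. The Category.php and Post.php hunks in this patch repeat the pattern.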
diff --git a/includes/model/User.php b/includes/model/User.php new file mode 100644 index 0000000..1c48afb --- /dev/null +++ b/includes/model/User.php @@ -0,0 +1,59 @@ +id = $row['user_id']; + $this->name = $name; + $this->date = $row['user_date']; + $this->level = $row['user_level']; + } + } + + mysqli_free_result($result); + mysqli_stmt_close($stmt); + } + + function get_by_id($id, $dbc) { + $sql = "SELECT user_name, user_date, user_level FROM users WHERE user_id = " . mysqli_real_escape_string($dbc, $id); + $result = mysqli_query($dbc, $sql); + + if (!$result) { + echo 'Failed to get user: ' . mysqli_error($dbc); + } + + if (mysqli_num_rows($result) == 0) { + } else { + while ($row = mysqli_fetch_assoc($result)) { + $this->id = $id; + $this->name = $row['user_name']; + $this->date = $row['user_date']; + $this->level = $row['user_level']; + } + } + + mysqli_free_result($result); + } + +} \ No newline at end of file -- cgit v1.2.3 From 7c3f2e348c015ea93563d866f89ec8cea9159ea0 Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sat, 24 Apr 2021 09:40:20 -0600 Subject: Refactoring part 2 Starting to move some functionality such as the session and database connection into singleton classes to manage them. Functions for modifying posts and threads are being put in one place as well. --- includes/model/User.php | 36 ++++++++++++++---------------------- 1 file changed, 14 insertions(+), 22 deletions(-) (limited to 'includes/model') diff --git a/includes/model/User.php b/includes/model/User.php index 1c48afb..c780ff0 100644 --- a/includes/model/User.php +++ b/includes/model/User.php 
@@ -1,14 +1,17 @@ id = $id; - $this->name = $row['user_name']; - $this->date = $row['user_date']; - $this->level = $row['user_level']; - } - } - - mysqli_free_result($result); - } + function get_by_id($id) + { + $sql = "SELECT user_name, user_date, user_level FROM users WHERE user_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + $this->id = $id; + $this->name = $result[0]['user_name']; + $this->date = $result[0]['user_date']; + $this->level = $result[0]['user_level']; + } } \ No newline at end of file -- cgit v1.2.3 From 2098bf444afadcf0363d89b4cc1dca5d2213d754 Mon Sep 17 00:00:00 2001 From: cflip <36554078+cflip@users.noreply.github.com> Date: Sat, 24 Apr 2021 19:40:50 -0600 Subject: Remove all uses of db_inc.php This method of importing the database login every time wasn't very good. Now everything uses the new Database singleton class. --- includes/model/Category.php | 111 +++++++++++++----------------------------- includes/model/Post.php | 100 ++++++++++---------------------------- includes/model/Thread.php | 114 +++++++++++++------------------------------- includes/model/User.php | 36 ++++++-------- 4 files changed, 106 insertions(+), 255 deletions(-) (limited to 'includes/model') diff --git a/includes/model/Category.php b/includes/model/Category.php index b7c46d9..ed53bdc 100644 --- a/includes/model/Category.php +++ b/includes/model/Category.php 
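Review bot: The rewritten `get_by_id()` reads `$result[0]` without checking that the query returned a row. Assuming `Database::query()` returns an array of rows (its definition is not in this diff), an id with no matching user leaves `$this->id` set to the requested id while `name`, `date` and `level` are overwritten with null, and PHP emits undefined-offset warnings. The removed code left the defaults untouched in that case. Guard before assigning, `if (empty($result)) { return false; }`, and return `true` on success so callers can tell a missing user from a loaded one.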
@@ -2,102 +2,55 @@ include_once 'Thread.php'; -class Category { +class Category +{ public $id = 0; public $name = 'Unknown'; public $description = 'This category does not exist'; public $thread_count = 0; public $post_count = 0; - function get_from_database($id, $dbc) { - $sql = "SELECT cat_name, cat_description, cat_thread_count, cat_post_count FROM categories WHERE cat_id = " . mysqli_real_escape_string($dbc, $id); - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get category: ' . mysqli_error($dbc); - } - - if (mysqli_num_rows($result) == 0) { - return 0; - } else { - while ($row = mysqli_fetch_assoc($result)) { - $this->id = $id; - $this->name = $row['cat_name']; - $this->description = $row['cat_description']; - $this->thread_count = $row['cat_thread_count']; - $this->post_count = $row['cat_post_count']; - } + function get_from_database($id): bool + { + $sql = "SELECT cat_name, cat_description, cat_thread_count, cat_post_count FROM categories WHERE cat_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + + if (empty($result)) { + return false; } - - mysqli_free_result($result); - return 1; + + $this->id = $id; + $this->name = $result[0]['cat_name']; + $this->description = $result[0]['cat_description']; + $this->thread_count = $result[0]['cat_thread_count']; + $this->post_count = $result[0]['cat_post_count']; + + return true; } - function get_threads($dbc) { - $sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Could not get threads from category: ' . mysqli_error($dbc); - } - + function get_threads(): array + { + $sql = "SELECT thread_id FROM threads WHERE thread_category = ? 
ORDER BY thread_date_lastpost DESC"; + $result = Database::get()->query($sql, "i", $this->id); $threads = array(); - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $thread = new Thread(); - $thread->get_from_database($row['thread_id'], $dbc); - array_push($threads, $thread); - } + foreach ($result as $row) { + $thread = new Thread(); + $thread->get_from_database($row['thread_id']); + array_push($threads, $thread); } - mysqli_free_result($result); return $threads; } - function get_latest_thread($dbc) { - $sql = "SELECT thread_id FROM threads WHERE thread_category = " . $this->id . " ORDER BY thread_date_lastpost DESC LIMIT 1"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Could not get thread from category: ' . mysqli_error($dbc); - } - - $thread = null; - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $thread = new Thread(); - $thread->get_from_database($row['thread_id'], $dbc); - } - } + function get_latest_thread(): Thread + { + $sql = "SELECT thread_id FROM threads WHERE thread_category = ? ORDER BY thread_date_lastpost DESC LIMIT 1"; + $result = Database::get()->query($sql, "i", $this->id); + + $thread = new Thread(); + $thread->get_from_database($result[0]['thread_id']); - mysqli_free_result($result); return $thread; } } - -function get_all_categories($dbc) { - $sql = "SELECT cat_id FROM categories ORDER BY cat_id ASC;"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get categories: ' . mysqli_error($dbc); - } - - $categories = array(); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $category = new Category(); - $category->get_from_database($row['cat_id'], $dbc); - array_push($categories, $category); - } - } - - mysqli_free_result($result); - return $categories; -} \ No newline at end of file 
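Review bot: `get_latest_thread()` now indexes `$result[0]['thread_id']` unconditionally, so a category with no threads no longer yields `null` as the removed code did. Instead it returns a default-constructed `Thread` (id 0, 'Unknown thread') after an undefined-offset warning. Any caller that tests the return value for null before rendering a latest-thread link would then render the placeholder. Declare the return type as `?Thread` and add `if (empty($result)) { return null; }` before building the object. `Thread::get_latest_post()` in this commit has the same shape and needs the same guard.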
diff --git a/includes/model/Post.php b/includes/model/Post.php index 34d6a79..86373b6 100644 --- a/includes/model/Post.php +++ b/includes/model/Post.php @@ -2,27 +2,8 @@ include_once 'Thread.php'; -function add_quote($dbc, $thread_id, $matches) { - foreach ($matches as $match) { - $id = (int) filter_var($match, FILTER_SANITIZE_NUMBER_INT); - $sql = "SELECT post_content, post_author, post_thread, user_name FROM posts LEFT JOIN users ON post_author = user_id WHERE post_id = " . $id; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - return '
'; - } - - $reply = mysqli_fetch_assoc($result); - - if (empty($reply)) { - return '
This post has been deleted
'; - } - - return '
Quote from ' . $reply['user_name'] . '
' . $reply['post_content'] . '
'; - } -} - -class Post { +class Post +{ public $id; public $content; public $date_created; @@ -30,39 +11,33 @@ class Post { public $thread; public $author; - function get_from_database($id, $dbc) { - // TODO: Potential SQL injection risk? - $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = " . mysqli_real_escape_string($dbc, $id); - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get post: ' . mysqli_error($dbc); + function get_from_database($id): bool + { + $sql = "SELECT post_content, post_date_created, post_date_edited, post_thread, post_author FROM posts WHERE post_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + + if (empty($result)) { + return false; } - - if (mysqli_num_rows($result) == 0) { - return 0; - } else { - while ($row = mysqli_fetch_assoc($result)) { - $this->id = $id; - $this->content = $row['post_content']; - $this->date_created = $row['post_date_created']; - $this->date_edited = $row['post_date_edited']; - $this->thread = new Thread(); - $this->thread->get_from_database($row['post_thread'], $dbc); + $this->id = $id; + $this->content = $result[0]['post_content']; + $this->date_created = $result[0]['post_date_created']; + $this->date_edited = $result[0]['post_date_edited']; - $this->author = new User(); - $this->author->get_by_id($row['post_author'], $dbc); - } - } + $this->thread = new Thread(); + $this->thread->get_from_database($result[0]['post_thread']); + + $this->author = new User(); + $this->author->get_by_id($result[0]['post_author']); - mysqli_free_result($result); - return 1; + return true; } - function display_content($dbc) { + function display_content($dbc) + { echo '
#' . $this->id . ''; - echo ' Posted by ' . $this->author->name . ''; + echo ' Posted by ' . $this->author->name . ''; echo ' on ' . date('m/d/Y g:ia', strtotime($this->date_created)); if (!is_null($this->date_edited)) { echo ' edited ' . date('m/d/Y g:ia', strtotime($this->date_edited)) . ''; @@ -70,22 +45,22 @@ class Post { if (isset($_SESSION['signed_in']) && $_SESSION['user_id'] == $this->author->id) { echo ''; echo '[Edit/Delete] '; - echo''; + echo ''; } echo '
'; $post_content = $this->content; $thread_id = $this->id; - $post_content = preg_replace_callback('/>#\d+/', function($matches) use($thread_id, $dbc) { - return add_quote($dbc, $thread_id, $matches); + $post_content = preg_replace_callback('/>#\d+/', function ($matches) use ($thread_id, $dbc) { + return create_quote($dbc, $thread_id, $matches); }, $post_content); // Replace newline characters with HTML
tags $post_content = nl2br($post_content); // Replace YouTube URLs with embedded YouTube videos. - $post_content = preg_replace( + $post_content = preg_replace( "/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i", '
', $post_content); // Replace Image URLs with embedded images. @@ -96,26 +71,3 @@ class Post { echo '' . $post_content . ''; } } - -function get_all_posts($dbc) { - $sql = "SELECT post_id FROM posts"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get posts: ' . mysqli_error($dbc); - } - - $posts = array(); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $post = new Post(); - $post->get_from_database($row['post_id'], $dbc); - array_push($posts, $post); - } - } - - mysqli_free_result($result); - return $posts; -} diff --git a/includes/model/Thread.php b/includes/model/Thread.php index a9dc690..cfe10d6 100644 --- a/includes/model/Thread.php +++ b/includes/model/Thread.php @@ -4,7 +4,8 @@ include_once 'Category.php'; include_once 'User.php'; include_once 'Post.php'; -class Thread { +class Thread +{ public $id = 0; public $subject = 'Unknown thread'; public $date_created = 0; 
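Review bot: The quote callback now calls `create_quote()`, but the first hunk of this file removes `add_quote()` and nothing visible in Post.php defines or includes the replacement (the only include shown is `Thread.php`). If it lives in another file, that file must be loaded before `display_content()` runs, or a post containing a quote reference that matches `/>#\d+/` will fail with an undefined-function error. `display_content($dbc)` and this call also still pass a raw `$dbc` handle, which is at odds with the commit's stated goal of routing all access through `Database::get()`. Dropping the parameter here would complete that change.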
@@ -12,100 +13,53 @@ class Thread { public $category; public $author; - function get_from_database($id, $dbc) { - $sql = "SELECT thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author FROM threads WHERE thread_id = " . mysqli_real_escape_string($dbc, $id); - $result = mysqli_query($dbc, $sql); - - if (!$result) { - die('Error trying to display thread page: ' . mysqli_error($dbc)); + function get_from_database($id): bool + { + $sql = "SELECT thread_subject, thread_date_created, thread_date_lastpost, thread_category, thread_author FROM threads WHERE thread_id = ?;"; + $result = Database::get()->query($sql, "i", $id); + + if (empty($result)) { + return false; } - - if (mysqli_num_rows($result) == 0) { - return 0; - } else { - while ($row = mysqli_fetch_assoc($result)) { - $this->id = $id; - $this->subject = $row['thread_subject']; - $this->date_created = $row['thread_date_created']; - $this->date_lastpost = $row['thread_date_lastpost']; - $this->category = new Category(); - $this->category->get_from_database($row['thread_category'], $dbc); + $this->id = $id; + $this->subject = $result[0]['thread_subject']; + $this->date_created = $result[0]['thread_date_created']; + $this->date_lastpost = $result[0]['thread_date_lastpost']; - $this->author = new User(); - $this->author->get_by_id($row['thread_author'], $dbc); - } - } + $this->category = new Category(); + $this->category->get_from_database($result[0]['thread_category']); - mysqli_free_result($result); - return 1; + $this->author = new User(); + $this->author->get_by_id($result[0]['thread_author']); + + return true; } - function get_posts($dbc) { - $sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Could not get posts from thread: ' . 
mysqli_error($dbc); - } - + function get_posts(): array + { + $sql = "SELECT post_id FROM posts WHERE post_thread = ?"; + $result = Database::get()->query($sql, "i", $this->id); + $posts = array(); - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $post = new Post(); - $post->get_from_database($row['post_id'], $dbc); - array_push($posts, $post); - } + foreach ($result as $row) { + $post = new Post(); + $post->get_from_database($row['post_id']); + array_push($posts, $post); } - mysqli_free_result($result); return $posts; } - function get_latest_post($dbc) { - $sql = "SELECT post_id FROM posts WHERE post_thread = " . $this->id . " ORDER BY post_date_created DESC LIMIT 1"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Could not get post from category: ' . mysqli_error($dbc); - } - - $post = null; + function get_latest_post(): Post + { + $sql = "SELECT post_id FROM posts WHERE post_thread = ? ORDER BY post_date_created DESC LIMIT 1"; + $result = Database::get()->query($sql, "i", $this->id); - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $post = new Post(); - $post->get_from_database($row['post_id'], $dbc); - } - } + $post = new Post(); + $post->get_from_database($result[0]['post_id']); - mysqli_free_result($result); return $post; } } - -function get_all_threads($dbc) { - $sql = "SELECT thread_id FROM threads"; - $result = mysqli_query($dbc, $sql); - - if (!$result) { - echo 'Failed to get threads: ' . mysqli_error($dbc); - } - - $threads = array(); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $thread = new Thread(); - $thread->get_from_database($row['thread_id'], $dbc); - array_push($threads, $thread); - } - } - - mysqli_free_result($result); - return $threads; -} diff --git a/includes/model/User.php b/includes/model/User.php index c780ff0..f2bd23d 100644 --- a/includes/model/User.php 
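Review bot: `get_posts()` issues one query for the id list and then a full `Post::get_from_database()` per row, and each of those reloads the post's `Thread`, which in turn reloads its `Category` and author. By the code in this commit that is roughly five queries per post, so the database load of a page view grows linearly with thread length. Select the post columns in the list query itself (`SELECT post_id, post_content, ... WHERE post_thread = ?`) and reuse `$this` as each post's thread rather than re-fetching it. The same fan-out applies to `Category::get_threads()`.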
+++ b/includes/model/User.php @@ -7,44 +7,36 @@ class User { public $id; public $name = 'Unknown'; + public $password; public $date = 0; public $level = 0; - function get_by_name($name, $dbc) + function get_by_name($name): bool { - $sql = "SELECT user_id, user_date, user_level FROM users WHERE user_name = ?"; - $stmt = mysqli_stmt_init($dbc); + $sql = "SELECT user_id, user_date, user_level, user_pass FROM users WHERE user_name = ?"; + $result = Database::get()->query($sql, "s", $name); - if (!mysqli_stmt_prepare($stmt, $sql)) { - echo 'Failed to get user: ' . mysqli_error($dbc); + if (empty($result)) { + return false; } - mysqli_stmt_bind_param($stmt, "s", $name); - mysqli_stmt_execute($stmt); - - $result = mysqli_stmt_get_result($stmt); - - if (mysqli_num_rows($result) == 0) { - } else { - while ($row = mysqli_fetch_assoc($result)) { - $this->id = $row['user_id']; - $this->name = $name; - $this->date = $row['user_date']; - $this->level = $row['user_level']; - } - } + $this->id = $result[0]['user_id']; + $this->name = $name; + $this->password = $result[0]['user_pass']; + $this->date = $result[0]['user_date']; + $this->level = $result[0]['user_level']; - mysqli_free_result($result); - mysqli_stmt_close($stmt); + return true; } function get_by_id($id) { - $sql = "SELECT user_name, user_date, user_level FROM users WHERE user_id = ?;"; + $sql = "SELECT user_name, user_date, user_level, user_pass FROM users WHERE user_id = ?;"; $result = Database::get()->query($sql, "i", $id); $this->id = $id; $this->name = $result[0]['user_name']; + $this->password = $result[0]['user_pass']; $this->date = $result[0]['user_date']; $this->level = $result[0]['user_level']; } -- cgit v1.2.3 From fe3e6194d33d63f149f2a362adf325019278d61e Mon Sep 17 00:00:00 2001 
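Review bot: Adding `user_pass` to the `get_by_id()` query means every `User` built for display carries the stored password value in a public property, since `Post::get_from_database()` and `Thread::get_from_database()` call `get_by_id()` for each author. Nothing in this hunk needs the value outside a login check, and a public field is easy to leak through `var_dump()`, `json_encode()` or a serialized session. Keep `user_pass` out of `get_by_id()` and load it only in `get_by_name()` or a dedicated credential lookup. Declare the property as `private $password;` and expose a verify method instead. `get_by_id()` also still lacks the `empty($result)` guard that `get_by_name()` gains here.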
From: cflip <36554078+cflip@users.noreply.github.com> Date: Sat, 24 Apr 2021 19:50:59 -0600 Subject: Use Session class instead of $_SESSION --- includes/model/Post.php | 37 ------------------------------------- 1 file changed, 37 deletions(-) (limited to 'includes/model') diff --git a/includes/model/Post.php b/includes/model/Post.php index 86373b6..67c7e4a 100644 --- a/includes/model/Post.php +++ b/includes/model/Post.php @@ -33,41 +33,4 @@ class Post return true; } - - function display_content($dbc) - { - echo '
#' . $this->id . ''; - echo ' Posted by ' . $this->author->name . ''; - echo ' on ' . date('m/d/Y g:ia', strtotime($this->date_created)); - if (!is_null($this->date_edited)) { - echo ' edited ' . date('m/d/Y g:ia', strtotime($this->date_edited)) . ''; - } - if (isset($_SESSION['signed_in']) && $_SESSION['user_id'] == $this->author->id) { - echo ''; - echo '[Edit/Delete] '; - echo ''; - } - echo '
'; - - $post_content = $this->content; - $thread_id = $this->id; - - $post_content = preg_replace_callback('/>#\d+/', function ($matches) use ($thread_id, $dbc) { - return create_quote($dbc, $thread_id, $matches); - }, $post_content); - - // Replace newline characters with HTML
tags - $post_content = nl2br($post_content); - - // Replace YouTube URLs with embedded YouTube videos. - $post_content = preg_replace( - "/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i", - '
', $post_content); - // Replace Image URLs with embedded images. - $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:|/?>))@i', 'http$2://$3', $post_content); - // Replace other URLs with links. - $post_content = preg_replace('@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:|/?>))@i', '$0', $post_content); - - echo '' . $post_content . ''; - } } -- cgit v1.2.3